Message-ID: <YhLvMVGIsyvu1dXK@d3>
Date: Mon, 21 Feb 2022 10:47:29 +0900
From: Benjamin Poirier <bpoirier@...dia.com>
To: Roopa Prabhu <roopa@...dia.com>
CC: <davem@...emloft.net>, <kuba@...nel.org>, <netdev@...r.kernel.org>,
<stephen@...workplumber.org>, <nikolay@...ulusnetworks.com>,
<idosch@...dia.com>, <dsahern@...il.com>
Subject: Re: [PATCH net-next 10/12] selinux: add support for RTM_NEWTUNNEL,
RTM_DELTUNNEL, and RTM_GETTUNNEL
On 2022-02-20 14:04 +0000, Roopa Prabhu wrote:
> From: Benjamin Poirier <bpoirier@...dia.com>
>
> This patch adds newly added RTM_*TUNNEL msgs to nlmsg_route_perms
>
> Signed-off-by: Benjamin Poirier <bpoirier@...dia.com>
> ---
> security/selinux/nlmsgtab.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
> index 94ea2a8b2bb7..6ad3ee02e023 100644
> --- a/security/selinux/nlmsgtab.c
> +++ b/security/selinux/nlmsgtab.c
> @@ -91,6 +91,9 @@ static const struct nlmsg_perm nlmsg_route_perms[] =
> { RTM_NEWNEXTHOPBUCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> { RTM_DELNEXTHOPBUCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> { RTM_GETNEXTHOPBUCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ },
> + { RTM_NEWTUNNEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> + { RTM_DELTUNNEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> + { RTM_GETTUNNEL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
> };
>
> static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
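
Review bot: The commit message does not explain the permission chosen for each of the three entries added to nlmsg_route_perms. It only says the messages are added. Please state the mapping in the changelog (RTM_NEWTUNNEL and RTM_DELTUNNEL to NETLINK_ROUTE_SOCKET__NLMSG_WRITE, RTM_GETTUNNEL to NETLINK_ROUTE_SOCKET__NLMSG_READ) and note that it follows the RTM_*NEXTHOPBUCKET entries directly above, so the read/write classification can be confirmed from this patch alone.
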
> @@ -176,7 +179,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
> * structures at the top of this file with the new mappings
> * before updating the BUILD_BUG_ON() macro!
> */
> - BUILD_BUG_ON(RTM_MAX != (RTM_NEWNEXTHOPBUCKET + 3));
> + BUILD_BUG_ON(RTM_MAX != (RTM_NEWTUNNEL + 3));
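
Review bot: The BUILD_BUG_ON in selinux_nlmsg_lookup ties this file to the value of RTM_MAX, so the change from RTM_NEWNEXTHOPBUCKET + 3 to RTM_NEWTUNNEL + 3 has to land in the same commit that raises RTM_MAX. The comment just above the assertion asks for the tables to be updated before the macro, which this patch does, but if RTM_MAX changes in a separate patch the assertion fails at every commit in between and the series is not bisectable. Suggest squashing this into the patch that defines RTM_NEWTUNNEL.
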
This patch should be folded with patch 06 ("rtnetlink: add new rtm
tunnel api for tunnel id filtering"), otherwise there is build breakage
partway through the series when compiling with
CONFIG_SECURITY_SELINUX=y:
CC security/selinux/nlmsgtab.o
In file included from <command-line>:
security/selinux/nlmsgtab.c: In function ‘selinux_nlmsg_lookup’:
././include/linux/compiler_types.h:349:45: error: call to ‘__compiletime_assert_516’ declared with attribute error: BUILD_BUG_ON failed: RTM_MAX != (RTM_NEWNEXTHOPBUCKET + 3)
349 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
| ^